Spies blow their cover through the internet

By Philip Dorling

26 December 2012 - 02:00am

HUNDREDS of former and some present Australian spies have posted information about their employment with intelligence agencies on the internet in what security experts have called ''a gift for foreign espionage''.

A survey by Fairfax Media has discovered more than 200 former and present intelligence officers who have disclosed their classified employment in profiles on LinkedIn, other professional networking sites and social media including Facebook and Twitter.

While many former and present officers have disclosed only the fact of their employment by agencies including the top secret Defence Signals Directorate and the Defence Intelligence Organisation, some have revealed significant details about their work.

One former officer of the Defence Signals Directorate has illustrated close co-operation between DSD and allied signals intelligence agencies by listing his service with the RAAF's No. 3 Telecommunications Unit at Pearce in Western Australia; the Royal Australian Navy's Shoal Bay Receiving Station near Darwin; postings to Britain's Government Communications Headquarters in Gloucestershire and GCHQ's Composite Signals Station in Cornwall; another posting to the US National Security Agency at Fort Meade, Maryland; and work at the Australian Defence Satellite Communications Station in Geraldton, Western Australia.

Other former Defence Signals Directorate and Defence Intelligence officers have listed postings with counterpart agencies in Canada and New Zealand.

Advertisement

Defence Intelligence Organisation officers have revealed specialist knowledge of counter-terrorism, telecommunications and aerospace issues. Information technology professionals are most common in disclosing their involvement in classified intelligence work.

Former ASIO officers have disclosed their intelligence employment by referring to the well-known cover designation for ASIO as "D Branch, Attorney-General's Department".

A number of present staff at the Joint Defence Facility at Pine Gap near Alice Springs, employees of aerospace giant Raytheon, have revealed their involvement with the top secret intelligence base, including their access to ''special compartmented intelligence'' programs.

Security experts described the freely available information identifying past and present intelligence officers as ''surprising'' and said it provided ''a gift for foreign espionage, especially through social engineering''.

Social engineering is the art of manipulating people into divulging confidential information, either through the introduction of malware into computer systems through carefully crafted, personalised emails - spear phishing, obtaining access to security codes - or by orchestrating social contact with intelligence targets.

Melbourne computer forensics expert Kim Khor said the abundance of personal and career information available on the internet posed a clear security risk for both government and the corporate sector, especially companies engaged in national security work or high technology activities.

''Bad guys would really appreciate this info being available. It's a big advantage to easily identify people who have or have had access to sensitive information,'' Mr Khor said.

''Potential adversaries would be very happy with what's available.''

Robert Winkel, a former DSD officer and now an information security consultant with the Canberra-based Saltbush Group, said Australian intelligence collection agencies actively exploited social media and professional networking sites to gather information on targets.

''ASIS does this, and foreign intelligence agencies are looking for exactly the same sort of information about Australian targets,'' Mr Winkel said.

''The Chinese tend to get a lot of information from open sources, and that can lead to opening up contacts that provide high-level access to classified information.''

Security and intelligence sources said social media had emerged as ''a rich source of information'' to support intelligence operations. ''Once it could take months and laborious inquiries to collect very basic personal information about a target, now so much of that, and much more, is often available on the web,'' one government security source said.

''Former intelligence personnel are worthwhile targets as they could be of direct interest, and may still be connected socially to other people who still work in highly sensitive areas. Social media can reveal the link, and further research may reveal opportunities such as financial issues, gambling and marital problems.''

IT security specialist Chris Gatford said social engineering was highly effective ''because the easiest methods of compromise are via employees''.